[SOLVED] LXC container fails to start without any reason

P

popallo

Well-Known Member
Jul 2, 2019
36
6
48
France
apacher.eu
Hello everyone, I have a big problem on one of my vps since this morning, without any apparent reason.
After a server crash and a reboot, I find myself unable to start the lxc containers.

Here are the packages that are present on the server:
Code: 
proxmox-ve: 7.2-1 (running kernel: 5.15.64-1-pve)
pve-manager: 7.2-14 (running version: 7.2-14/65898fbc)
pve-kernel-5.15: 7.2-14
pve-kernel-helper: 7.2-14
pve-kernel-5.15.74-1-pve: 5.15.74-1
pve-kernel-5.15.64-1-pve: 5.15.64-1
pve-kernel-5.15.30-2-pve: 5.15.30-3
ceph-fuse: 15.2.16-pve1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-5
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-7
libpve-guest-common-perl: 4.2-2
libpve-http-server-perl: 4.1-5
libpve-storage-perl: 7.2-12
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.7-1
proxmox-backup-file-restore: 2.2.7-1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.0-1
proxmox-widget-toolkit: 3.5.2
pve-cluster: 7.2-3
pve-container: 4.3-4
pve-docs: 7.2-3
pve-edk2-firmware: 3.20220526-1
pve-firewall: 4.2-7
pve-firmware: 3.5-6
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 7.1.0-3
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-10
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+2
vncterm: 1.7-1
zfsutils-linux: 2.1.6-pve1

Here is the error when starting one of the containers (they all have the same symptom):
Code: 
lxc-start 100 20221119111123.256 ERROR    conf - ../src/lxc/conf.c:run_buffer:321 - Script exited with status 2
lxc-start 100 20221119111123.256 ERROR    start - ../src/lxc/start.c:lxc_init:847 - Failed to run lxc.hook.pre-start for container "100"
lxc-start 100 20221119111123.256 ERROR    start - ../src/lxc/start.c:__lxc_start:2008 - Failed to initialize container "100"
lxc-start 100 20221119111123.256 INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "100", config section "lxc"
lxc-start 100 20221119111123.759 INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-poststop-hook" for container "100", config section "lxc"
lxc-start 100 20221119111124.256 ERROR    lxc_start - ../src/lxc/tools/lxc_start.c:main:306 - The container failed to start

I manage to mount the disk of container 100 without any error.

A disk check with fsck does not show any anomaly.

I don't know what to do in such a case, any idea?

Thanks in advance for any help.
 
Last edited:
t.lamprecht said:
The just uploaded pve-container package update version 4.3-5 should fix that again as it will now pull in the new binutils package dependency correctly.
Click to expand...
Indeed, after updating and restarting the server everything seems to work again. Thank you for your quick feedback and especially for your efficiency!
 
t.lamprecht said:
The just uploaded pve-container package update version 4.3-5 should fix that again as it will now pull in the new binutils package dependency correctly.
Click to expand...
Hi, i have the same issue since today. But there is no new update available on my side? What I have to do, to get the new fix? With apt-get update, nothing new is available
 
Last edited:
tobifanger said:
Hi, i habe the same issue since today. But there is no new update available on my side? What I have to do, to get the new fix?
Click to expand...
Go to shell and run:
Code: 
apt-get update && apt-get -y install binutils

These two comands will perform, in order: updating of apt package repo, and installation of binutils package which is a dependency for pve-container package.
 
Thank you all for the quick response. But I try all of your commands and nothing changes. My package Versions are:

Code: 
proxmox-ve: 7.2-1 (running kernel: 5.15.74-1-pve)
pve-manager: 7.2-14 (running version: 7.2-14/65898fbc)
pve-kernel-5.15: 7.2-14
pve-kernel-helper: 7.2-14
pve-kernel-5.13: 7.1-9
pve-kernel-5.15.74-1-pve: 5.15.74-1
pve-kernel-5.15.64-1-pve: 5.15.64-1
pve-kernel-5.15.60-2-pve: 5.15.60-2
pve-kernel-5.15.60-1-pve: 5.15.60-1
pve-kernel-5.15.53-1-pve: 5.15.53-1
pve-kernel-5.15.39-4-pve: 5.15.39-4
pve-kernel-5.15.39-3-pve: 5.15.39-3
pve-kernel-5.15.39-2-pve: 5.15.39-2
pve-kernel-5.15.39-1-pve: 5.15.39-1
pve-kernel-5.15.35-2-pve: 5.15.35-5
pve-kernel-5.15.35-1-pve: 5.15.35-3
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-5-pve: 5.13.19-13
pve-kernel-5.13.19-4-pve: 5.13.19-9
pve-kernel-5.13.19-3-pve: 5.13.19-7
pve-kernel-5.13.19-2-pve: 5.13.19-4
ceph-fuse: 15.2.15-pve1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-5
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-7
libpve-guest-common-perl: 4.2-2
libpve-http-server-perl: 4.1-5
libpve-storage-perl: 7.2-12
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.7-1
proxmox-backup-file-restore: 2.2.7-1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.0-1
proxmox-widget-toolkit: 3.5.2
pve-cluster: 7.2-3
pve-container: 4.3-4
pve-docs: 7.2-3
pve-edk2-firmware: 3.20220526-1
pve-firewall: 4.2-7
pve-firmware: 3.5-6
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 7.1.0-3
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-10
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+2
vncterm: 1.7-1
zfsutils-linux: 2.1.6-pve1

Here is my apt update output:
Code: 
root@pve-i5:~# apt update
Hit:1 http://ftp.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org/debian-security bullseye-security InRelease
Hit:3 http://ftp.debian.org/debian bullseye-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bullseye InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
 
Last edited:
Yeah, wasn't on your side I think, seems that the sync to our repository mirror CDN was a bit slower than usual and only finished quite recently, so should be working now - else please holler at me.
 
Super nice, now I get the new Version and after an restart, everything went well again. THANK YOU ALL very much.
 
Today morning I had the same issue - solved it by downgrading the packages:

Code: 
apt install pve-container=4.2-3 libpve-cluster-perl=7.2-2 libpve-common-perl=7.2-3 libpve-guest-common-perl=4.1-4 libpve-storage-perl=7.2-10 pve-cluster=7.2-2 pve-ha-manager qemu-server=7.2-4 proxmox-ve pve-manager=7.2-11 libpve-cluster-api-perl=7.2-2

I now updated the packages again and rebooted.
Although the pve-container package updates to version 4.3-5, the error is back again.
VMs work without any issue, LXCs fail to start.

Code: 
Nov 19 14:19:17 pve-node-002 pvedaemon[1059]: <root@pam> starting task UPID:pve-node-002:00000AC2:0000C733:6378D7D5:vzstart:207:root@pam:
Nov 19 14:19:17 pve-node-002 pvedaemon[2754]: starting CT 207: UPID:pve-node-002:00000AC2:0000C733:6378D7D5:vzstart:207:root@pam:
Nov 19 14:19:17 pve-node-002 systemd[1]: Started PVE LXC Container: 207.
Nov 19 14:19:17 pve-node-002 kernel: loop0: detected capacity change from 0 to 434110464
Nov 19 14:19:17 pve-node-002 kernel: EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Nov 19 14:19:18 pve-node-002 pvedaemon[2754]: startup for container '207' failed
Nov 19 14:19:18 pve-node-002 pvedaemon[1059]: unable to get PID for CT 207 (not running?)
Nov 19 14:19:18 pve-node-002 pvedaemon[1059]: <root@pam> end task UPID:pve-node-002:00000AC2:0000C733:6378D7D5:vzstart:207:root@pam: startup for container '207' failed
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2809]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln207i1
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2809]: ovs|00002|db_ctl_base|ERR|no port named fwln207i1
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2810]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth207i1
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2810]: ovs|00002|db_ctl_base|ERR|no port named veth207i1
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2811]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln207i0
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2811]: ovs|00002|db_ctl_base|ERR|no port named fwln207i0
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2812]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth207i0
Nov 19 14:19:19 pve-node-002 ovs-vsctl[2812]: ovs|00002|db_ctl_base|ERR|no port named veth207i0
Nov 19 14:19:19 pve-node-002 systemd[1]: pve-container@207.service: Main process exited, code=exited, status=1/FAILURE
Nov 19 14:19:19 pve-node-002 systemd[1]: pve-container@207.service: Failed with result 'exit-code'.
Nov 19 14:19:19 pve-node-002 systemd[1]: pve-container@207.service: Consumed 1.265s CPU time.
Nov 19 14:26:18 pve-node-002 systemd[1]: Starting Cleanup of Temporary Directories...
Nov 19 14:26:18 pve-node-002 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
Nov 19 14:26:18 pve-node-002 systemd[1]: Finished Cleanup of Temporary Directories.
 
Last edited:
We got a lot of positive feedback over the last hours w.r.t. fix, som maybe something else (or a side-effect from down+re-upgrade, depending on how that was done).
ch888 said:
Although the pve-container package updates to version 4.3-5, the error is back again.
VMs work without any issue, LXCs fail to start.
Click to expand...
How did you upgrade again? Can you please post the output of the following two commands:

Code: 
pveversion -v
pct start 207 --debug
 
t.lamprecht said:
How did you upgrade again? Can you please post the output of the following two commands:
Click to expand...

I just did a simple "UPDATES - Refresh - _Upgrade" in the webinterface of one node.

Code: 
root@pve-node-002:~# pveversion -v
proxmox-ve: 7.2-1 (running kernel: 5.15.74-1-pve)
pve-manager: 7.2-14 (running version: 7.2-14/65898fbc)
pve-kernel-5.15: 7.2-14
pve-kernel-helper: 7.2-14
pve-kernel-5.13: 7.1-9
pve-kernel-5.15.74-1-pve: 5.15.74-1
pve-kernel-5.15.64-1-pve: 5.15.64-1
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-2-pve: 5.13.19-4
ceph-fuse: 15.2.15-pve1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-5
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-7
libpve-guest-common-perl: 4.2-2
libpve-http-server-perl: 4.1-5
libpve-storage-perl: 7.2-12
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.0-3
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
openvswitch-switch: 2.15.0+ds1-2+deb11u1
proxmox-backup-client: 2.2.7-1
proxmox-backup-file-restore: 2.2.7-1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.0-1
proxmox-widget-toolkit: 3.5.2
pve-cluster: 7.2-3
pve-container: 4.3-5
pve-docs: 7.2-3
pve-edk2-firmware: 3.20220526-1
pve-firewall: 4.2-7
pve-firmware: 3.5-6
pve-ha-manager: 3.4.0
pve-i18n: 2.7-2
pve-qemu-kvm: 7.1.0-3
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-10
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+2
vncterm: 1.7-1
zfsutils-linux: 2.1.6-pve1

On that node, all containers fail.

Code: 
root@pve-node-002:~# pct start 207 --debug
run_buffer: 321 Script exited with status 1
lxc_init: 847 Failed to run lxc.hook.pre-start for container "207"
__lxc_start: 2008 Failed to initialize container "207"
rt-hook" for container "207", config section "lxc"
DEBUG    conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 207 lxc pre-start produced output: Can't locate object method "ct_is_symlink" via package "PVE::LXC::Setup::Unmanaged" at /usr/share/perl5/PVE/LXC/Setup.pm line 344.

DEBUG    conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 207 lxc pre-start produced output: error in setup task PVE::LXC::Setup::get_ct_init_path

ERROR    conf - ../src/lxc/conf.c:run_buffer:321 - Script exited with status 1
ERROR    start - ../src/lxc/start.c:lxc_init:847 - Failed to run lxc.hook.pre-start for container "207"
ERROR    start - ../src/lxc/start.c:__lxc_start:2008 - Failed to initialize container "207"
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "207", config section "lxc"
startup for container '207' failed
 
When I downgrade again, the container start fine.

Code: 
root@pve-node-002:~# apt install pve-container=4.2-3 libpve-cluster-perl=7.2-2 libpve-common-perl=7.2-3 libpve-guest-common-perl=4.1-4 libpve-storage-perl=7.2-10 pve-cluster=7.2-2 pve-ha-manager qemu-server=7.2-4 proxmox-ve pve-manager=7.2-11 libpve-cluster-api-perl=7.2-2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
proxmox-ve is already the newest version (7.2-1).
pve-ha-manager is already the newest version (3.4.0).
The following package was automatically installed and is no longer required:
  proxmox-mail-forward
Use 'apt autoremove' to remove it.
Suggested packages:
  libpve-network-perl
The following packages will be DOWNGRADED:
  libpve-cluster-api-perl libpve-cluster-perl libpve-common-perl libpve-guest-common-perl libpve-storage-perl
  pve-cluster pve-container pve-manager qemu-server
0 upgraded, 0 newly installed, 9 downgraded, 0 to remove and 0 not upgraded.
Need to get 0 B/2,938 kB of archives.
After this operation, 175 kB disk space will be freed.
Do you want to continue? [Y/n]
dpkg: warning: downgrading libpve-cluster-api-perl from 7.2-3 to 7.2-2
(Reading database ... 65750 files and directories currently installed.)
Preparing to unpack .../0-libpve-cluster-api-perl_7.2-2_all.deb ...
Unpacking libpve-cluster-api-perl (7.2-2) over (7.2-3) ...
dpkg: warning: downgrading libpve-cluster-perl from 7.2-3 to 7.2-2
Preparing to unpack .../1-libpve-cluster-perl_7.2-2_all.deb ...
Unpacking libpve-cluster-perl (7.2-2) over (7.2-3) ...
dpkg: warning: downgrading pve-cluster from 7.2-3 to 7.2-2
Preparing to unpack .../2-pve-cluster_7.2-2_amd64.deb ...
Unpacking pve-cluster (7.2-2) over (7.2-3) ...
dpkg: warning: downgrading libpve-guest-common-perl from 4.2-2 to 4.1-4
Preparing to unpack .../3-libpve-guest-common-perl_4.1-4_all.deb ...
Unpacking libpve-guest-common-perl (4.1-4) over (4.2-2) ...
dpkg: warning: downgrading pve-container from 4.3-5 to 4.2-3
Preparing to unpack .../4-pve-container_4.2-3_all.deb ...
Unpacking pve-container (4.2-3) over (4.3-5) ...
dpkg: warning: downgrading libpve-common-perl from 7.2-7 to 7.2-3
Preparing to unpack .../5-libpve-common-perl_7.2-3_all.deb ...
Unpacking libpve-common-perl (7.2-3) over (7.2-7) ...
dpkg: warning: downgrading qemu-server from 7.2-10 to 7.2-4
Preparing to unpack .../6-qemu-server_7.2-4_amd64.deb ...
Unpacking qemu-server (7.2-4) over (7.2-10) ...
dpkg: warning: downgrading pve-manager from 7.2-14 to 7.2-11
Preparing to unpack .../7-pve-manager_7.2-11_amd64.deb ...
Unpacking pve-manager (7.2-11) over (7.2-14) ...
dpkg: warning: downgrading libpve-storage-perl from 7.2-12 to 7.2-10
Preparing to unpack .../8-libpve-storage-perl_7.2-10_all.deb ...
Unpacking libpve-storage-perl (7.2-10) over (7.2-12) ...
Setting up libpve-common-perl (7.2-3) ...
Setting up pve-cluster (7.2-2) ...
Setting up libpve-cluster-perl (7.2-2) ...
Setting up libpve-cluster-api-perl (7.2-2) ...
Setting up libpve-storage-perl (7.2-10) ...
Setting up libpve-guest-common-perl (4.1-4) ...
Setting up pve-container (4.2-3) ...
Setting up qemu-server (7.2-4) ...
Setting up pve-manager (7.2-11) ...
Installing new version of config file /etc/vzdump.conf ...
Processing triggers for pve-ha-manager (3.4.0) ...
Processing triggers for man-db (2.9.4-2) ...

Code: 
root@pve-node-002:~# pct start 207 --debug
INFO     lsm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "207", config section "lxc"
DEBUG    seccomp - ../src/lxc/seccomp.c:parse_config_v2:656 - Host native arch is [3221225534]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "[all]"
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "kexec_load errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "open_by_handle_at errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "init_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "finit_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "delete_module errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:1017 - Merging compat seccomp contexts into main context
INFO     start - ../src/lxc/start.c:lxc_init:884 - Container "207" is initialized
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1029 - The monitor process uses "lxc.monitor/207" as cgroup
DEBUG    storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1137 - The container process uses "lxc/207/ns" as inner and "lxc/207" as limit cgroup
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWNS
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWPID
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWUTS
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWIPC
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWNET
INFO     start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWCGROUP
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/14687/fd/18
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/14687/fd/19
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/14687/fd/20
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/14687/fd/21
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved net namespace via fd 22 and stashed path as net:/proc/14687/fd/22
DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved cgroup namespace via fd 23 and stashed path as cgroup:/proc/14687/fd/23
WARN     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits_legacy:2767 - Invalid argument - Ignoring legacy cgroup limits on pure cgroup2 system
INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits:2863 - Limits for the unified cgroup hierarchy have been setup
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "207", config section "net"
DEBUG    network - ../src/lxc/network.c:netdev_configure_server_veth:852 - Instantiated veth tunnel "veth207i0 <--> vethWrZbzA"
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "207", config section "net"
DEBUG    network - ../src/lxc/network.c:netdev_configure_server_veth:852 - Instantiated veth tunnel "veth207i1 <--> vethlEsndY"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_rootfs:1436 - Mounted rootfs "/var/lib/lxc/207/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
INFO     conf - ../src/lxc/conf.c:setup_utsname:875 - Set hostname to "openwrt-test"
DEBUG    network - ../src/lxc/network.c:setup_hw_addr:3821 - Mac address "66:41:4C:AC:53:22" on "eth0" has been setup
DEBUG    network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:3962 - Network device "eth0" has been setup
DEBUG    network - ../src/lxc/network.c:setup_hw_addr:3821 - Mac address "B6:D3:D3:94:79:E5" on "eth1" has been setup
DEBUG    network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:3962 - Network device "eth1" has been setup
INFO     network - ../src/lxc/network.c:lxc_setup_network_in_child_namespaces:4019 - Finished setting up network devices with caller assigned names
INFO     conf - ../src/lxc/conf.c:mount_autodev:1219 - Preparing "/dev"
INFO     conf - ../src/lxc/conf.c:mount_autodev:1280 - Prepared "/dev"
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:735 - Invalid argument - Tried to ensure procfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:758 - Invalid argument - Tried to ensure sysfs is unmounted
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2435 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
DEBUG    conf - ../src/lxc/conf.c:mount_entry:2479 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
DEBUG    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroupfs_mount:1542 - Mounted cgroup filesystem cgroup2 onto 20((null))
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "207", config section "lxc"
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-autodev-hook" for container "207", config section "lxc"
INFO     conf - ../src/lxc/conf.c:lxc_fill_autodev:1317 - Populating "/dev"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "full"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "null"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "random"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "tty"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "urandom"
DEBUG    conf - ../src/lxc/conf.c:lxc_fill_autodev:1326 - Created device node "zero"
INFO     conf - ../src/lxc/conf.c:lxc_fill_autodev:1405 - Populated "/dev"
INFO     conf - ../src/lxc/conf.c:lxc_transient_proc:3775 - Caller's PID is 1; /proc/self points to 1
DEBUG    conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1751 - Attached detached devpts mount 21 to 19/pts
DEBUG    conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1837 - Created "/dev/ptmx" file as bind mount target
DEBUG    conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1844 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
DEBUG    conf - ../src/lxc/conf.c:lxc_allocate_ttys:1104 - Created tty with ptx fd 23 and pty fd 24 and index 1
DEBUG    conf - ../src/lxc/conf.c:lxc_allocate_ttys:1104 - Created tty with ptx fd 25 and pty fd 26 and index 2
INFO     conf - ../src/lxc/conf.c:lxc_allocate_ttys:1109 - Finished creating 2 tty devices
DEBUG    conf - ../src/lxc/conf.c:lxc_setup_ttys:1028 - Bind mounted "pts/1" onto "/dev/lxc/tty1"
DEBUG    conf - ../src/lxc/conf.c:lxc_setup_ttys:1028 - Bind mounted "pts/2" onto "/dev/lxc/tty2"
INFO     conf - ../src/lxc/conf.c:lxc_setup_ttys:1072 - Finished setting up 2 /dev/tty<N> device(s)
INFO     conf - ../src/lxc/conf.c:setup_personality:1917 - Set personality to "0lx0"
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3200 - Dropped mac_admin (33) capability
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3200 - Dropped mac_override (32) capability
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3200 - Dropped sys_time (25) capability
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3200 - Dropped sys_module (16) capability
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3200 - Dropped sys_rawio (17) capability
DEBUG    conf - ../src/lxc/conf.c:capabilities_deny:3203 - Capabilities have been setup
NOTICE   conf - ../src/lxc/conf.c:lxc_setup:4469 - The container "207" is set up
INFO     apparmor - ../src/lxc/lsm/apparmor.c:apparmor_process_label_set_at:1186 - Set AppArmor label to "lxc-207_</var/lib/lxc>//&:lxc-207_<-var-lib-lxc>:"
INFO     apparmor - ../src/lxc/lsm/apparmor.c:apparmor_process_label_set:1231 - Changed AppArmor profile to lxc-207_</var/lib/lxc>//&:lxc-207_<-var-lib-lxc>:
DEBUG    terminal - ../src/lxc/terminal.c:lxc_terminal_peer_default:695 - No such device - The process does not have a controlling terminal
NOTICE   utils - ../src/lxc/utils.c:lxc_drop_groups:1368 - Dropped supplimentary groups
NOTICE   start - ../src/lxc/start.c:start:2161 - Exec'ing "/sbin/init"
NOTICE   start - ../src/lxc/start.c:post_start:2172 - Started "/sbin/init" with pid "14708"
NOTICE   start - ../src/lxc/start.c:signal_handler:449 - Received 17 from pid 14704 instead of container init 14708
 
ch888 said:
DEBUG conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 207 lxc pre-start produced output: Can't locate object method "ct_is_symlink" via package "PVE::LXC::Setup::Unmanaged" at /usr/share/perl5/PVE/LXC/Setup.pm line 344.
DEBUG conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 207 lxc pre-start produced output: error in setup task PVE::LXC::Setup::get_ct_init_path
Click to expand...
That is a different error and only affects unmanaged CTs, I'll look into it
 
t.lamprecht said:
That is a different error and only affects unmanaged CTs, I'll look into it
Click to expand...

"unmanaged" is "not based on any official proxmox template"?

I tried to check this and just created a new container based on your debian11 template.
After applying all the updates again, I can indeed start the 104 (debian) container - but the 207 (openwrt) and other existing containers (arch linux and even debian11) ones based on "official" templates again fail to start.

root@pve-node-002:~# pct start 104 --debug
INFO confile - ../src/lxc/confile.c:set_config_idmaps:2267 - Read uid map: type u nsid 0 hostid 100000 range 65536
INFO confile - ../src/lxc/confile.c:set_config_idmaps:2267 - Read uid map: type g nsid 0 hostid 100000 range 65536
INFO lsm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "104", config section "lxc"
DEBUG seccomp - ../src/lxc/seccomp.c:parse_config_v2:656 - Host native arch is [3221225534]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "[all]"
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "kexec_load errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "open_by_handle_at errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "init_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "finit_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "delete_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "ioctl errno 1 [1,0x9400,SCMP_CMP_MASKED_EQ,0xff00]"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:547 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[16:ioctl] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:547 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:547 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "keyctl errno 38"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[250:keyctl] action[327718:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[250:keyctl] action[327718:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[250:keyctl] action[327718:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:1017 - Merging compat seccomp contexts into main context
INFO start - ../src/lxc/start.c:lxc_init:884 - Container "104" is initialized
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1029 - The monitor process uses "lxc.monitor/104" as cgroup
DEBUG storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
DEBUG storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1137 - The container process uses "lxc/104/ns" as inner and "lxc/104" as limit cgroup
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWUSER
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWNS
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWPID
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWUTS
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWIPC
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWCGROUP
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved user namespace via fd 17 and stashed path as user:/proc/21325/fd/17
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/21325/fd/18
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/21325/fd/19
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/21325/fd/20
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/21325/fd/21
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved cgroup namespace via fd 22 and stashed path as cgroup:/proc/21325/fd/22
DEBUG conf - ../src/lxc/conf.c:idmaptool_on_path_and_privileged:3520 - The binary "/usr/bin/newuidmap" does have the setuid bit set
DEBUG conf - ../src/lxc/conf.c:idmaptool_on_path_and_privileged:3520 - The binary "/usr/bin/newgidmap" does have the setuid bit set
DEBUG conf - ../src/lxc/conf.c:lxc_map_ids:3605 - Functional newuidmap and newgidmap binary found
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits:2863 - Limits for the unified cgroup hierarchy have been setup
DEBUG conf - ../src/lxc/conf.c:idmaptool_on_path_and_privileged:3520 - The binary "/usr/bin/newuidmap" does have the setuid bit set
DEBUG conf - ../src/lxc/conf.c:idmaptool_on_path_and_privileged:3520 - The binary "/usr/bin/newgidmap" does have the setuid bit set
INFO conf - ../src/lxc/conf.c:lxc_map_ids:3603 - Caller maps host root. Writing mapping directly
NOTICE utils - ../src/lxc/utils.c:lxc_drop_groups:1368 - Dropped supplimentary groups
INFO start - ../src/lxc/start.c:do_start:1107 - Unshared CLONE_NEWNET
NOTICE utils - ../src/lxc/utils.c:lxc_drop_groups:1368 - Dropped supplimentary groups
NOTICE utils - ../src/lxc/utils.c:lxc_switch_uid_gid:1344 - Switched to gid 0
NOTICE utils - ../src/lxc/utils.c:lxc_switch_uid_gid:1353 - Switched to uid 0
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved net namespace via fd 5 and stashed path as net:/proc/21325/fd/5
INFO conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "104", config section "net"
DEBUG network - ../src/lxc/network.c:netdev_configure_server_veth:852 - Instantiated veth tunnel "veth104i0 <--> vethrtbNph"
DEBUG conf - ../src/lxc/conf.c:lxc_mount_rootfs:1436 - Mounted rootfs "/var/lib/lxc/104/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
INFO conf - ../src/lxc/conf.c:setup_utsname:875 - Set hostname to "failtest"
DEBUG network - ../src/lxc/network.c:setup_hw_addr:3821 - Mac address "9A:1A:3B:42:2D:8C" on "eth0" has been setup
DEBUG network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:3962 - Network device "eth0" has been setup
INFO network - ../src/lxc/network.c:lxc_setup_network_in_child_namespaces:4019 - Finished setting up network devices with caller assigned names
INFO conf - ../src/lxc/conf.c:mount_autodev:1219 - Preparing "/dev"
INFO conf - ../src/lxc/conf.c:mount_autodev:1280 - Prepared "/dev"
DEBUG conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:735 - Invalid argument - Tried to ensure procfs is unmounted
DEBUG conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:758 - Invalid argument - Tried to ensure sysfs is unmounted
DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
DEBUG conf - ../src/lxc/conf.c:mount_entry:2435 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
DEBUG conf - ../src/lxc/conf.c:mount_entry:2479 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
DEBUG conf - ../src/lxc/conf.c:mount_entry:2479 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
DEBUG conf - ../src/lxc/conf.c:mount_entry:2479 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
DEBUG cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroupfs_mount:1542 - Mounted cgroup filesystem cgroup2 onto 19((null))
INFO conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "104", config section "lxc"
INFO conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-autodev-hook" for container "104", config section "lxc"
INFO conf - ../src/lxc/conf.c:lxc_fill_autodev:1317 - Populating "/dev"
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/full) to 18(full)
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/null) to 18(null)
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/random) to 18(random)
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/tty) to 18(tty)
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/urandom) to 18(urandom)
DEBUG conf - ../src/lxc/conf.c:lxc_fill_autodev:1401 - Bind mounted host device 16(dev/zero) to 18(zero)
INFO conf - ../src/lxc/conf.c:lxc_fill_autodev:1405 - Populated "/dev"
INFO conf - ../src/lxc/conf.c:lxc_transient_proc:3775 - Caller's PID is 1; /proc/self points to 1
DEBUG conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1751 - Attached detached devpts mount 20 to 18/pts
DEBUG conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1837 - Created "/dev/ptmx" file as bind mount target
DEBUG conf - ../src/lxc/conf.c:lxc_setup_devpts_child:1844 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
DEBUG conf - ../src/lxc/conf.c:lxc_allocate_ttys:1104 - Created tty with ptx fd 22 and pty fd 23 and index 1
DEBUG conf - ../src/lxc/conf.c:lxc_allocate_ttys:1104 - Created tty with ptx fd 24 and pty fd 25 and index 2
INFO conf - ../src/lxc/conf.c:lxc_allocate_ttys:1109 - Finished creating 2 tty devices
DEBUG conf - ../src/lxc/conf.c:lxc_setup_ttys:1065 - Bind mounted "pts/1" onto "tty1"
DEBUG conf - ../src/lxc/conf.c:lxc_setup_ttys:1065 - Bind mounted "pts/2" onto "tty2"
INFO conf - ../src/lxc/conf.c:lxc_setup_ttys:1072 - Finished setting up 2 /dev/tty<N> device(s)
INFO conf - ../src/lxc/conf.c:setup_personality:1917 - Set personality to "0lx0"
DEBUG conf - ../src/lxc/conf.c:capabilities_deny:3203 - Capabilities have been setup
NOTICE conf - ../src/lxc/conf.c:lxc_setup:4469 - The container "104" is set up
INFO apparmor - ../src/lxc/lsm/apparmor.c:apparmor_process_label_set_at:1186 - Set AppArmor label to "lxc-104_</var/lib/lxc>//&:lxc-104_<-var-lib-lxc>:"
INFO apparmor - ../src/lxc/lsm/apparmor.c:apparmor_process_label_set:1231 - Changed AppArmor profile to lxc-104_</var/lib/lxc>//&:lxc-104_<-var-lib-lxc>:
DEBUG terminal - ../src/lxc/terminal.c:lxc_terminal_peer_default:695 - No such device - The process does not have a controlling terminal
NOTICE start - ../src/lxc/start.c:start:2161 - Exec'ing "/sbin/init"
NOTICE start - ../src/lxc/start.c:post_start:2172 - Started "/sbin/init" with pid "21348"
NOTICE start - ../src/lxc/start.c:signal_handler:449 - Received 17 from pid 21344 instead of container init 21348
 
Last edited:
... and the existing one:

root@pve-node-002:~# pct start 206 --debug
run_buffer: 321 Script exited with status 255
lxc_create_network_priv: 3427 No such device - Failed to create network device
lxc_spawn: 1843 Failed to create the network
__lxc_start: 2074 Failed to spawn container "206"
seccomp - ../src/lxc/seccomp.c:parse_config_v2:656 - Host native arch is [3221225534]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "[all]"
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "kexec_load errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "open_by_handle_at errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:eek:pen_by_handle_at] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "init_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "finit_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "delete_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:1017 - Merging compat seccomp contexts into main context
INFO start - ../src/lxc/start.c:lxc_init:884 - Container "206" is initialized
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1029 - The monitor process uses "lxc.monitor/206" as cgroup
DEBUG storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1137 - The container process uses "lxc/206/ns" as inner and "lxc/206" as limit cgroup
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWNS
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWPID
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWUTS
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWIPC
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWNET
INFO start - ../src/lxc/start.c:lxc_spawn:1765 - Cloned CLONE_NEWCGROUP
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/25188/fd/18
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/25188/fd/19
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/25188/fd/20
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/25188/fd/21
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved net namespace via fd 22 and stashed path as net:/proc/25188/fd/22
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:139 - Preserved cgroup namespace via fd 23 and stashed path as cgroup:/proc/25188/fd/23
WARN cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits_legacy:2767 - Invalid argument - Ignoring legacy cgroup limits on pure cgroup2 system
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits:2863 - Limits for the unified cgroup hierarchy have been setup
INFO conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "206", config section "net"
DEBUG conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/lxcnetaddbr 206 net up veth veth206i0 produced output: RTNETLINK answers: Operation not supported

DEBUG conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/lxcnetaddbr 206 net up veth veth206i0 produced output: command '/sbin/bridge fdb append 46:FA:B1:44:34:F1 dev veth206i0 master static' failed: exit code 255

ERROR conf - ../src/lxc/conf.c:run_buffer:321 - Script exited with status 255
ERROR network - ../src/lxc/network.c:lxc_create_network_priv:3427 - No such device - Failed to create network device
ERROR start - ../src/lxc/start.c:lxc_spawn:1843 - Failed to create the network
DEBUG network - ../src/lxc/network.c:lxc_delete_network:4173 - Deleted network devices
ERROR start - ../src/lxc/start.c:__lxc_start:2074 - Failed to spawn container "206"
WARN start - ../src/lxc/start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 25222
startup for container '206' failed
 
FYI: all of our official templates work fine here with the latest pve-container version and UI CT create wizard defaults, so for those there seems something different in your setup that triggers this; the dozens of positive feedback I got over the missing dependency declaration fix would support that theory; not saying that it's something misconfigured on your side - just that its different than most users have.
ch888 said:
DEBUG conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/lxcnetaddbr 206 net up veth veth206i0 produced output: command '/sbin/bridge fdb append 46:FA:B1:44:34:F1 dev veth206i0 master static' failed: exit code 255

ERROR conf - ../src/lxc/conf.c:run_buffer:321 - Script exited with status 255
ERROR network - ../src/lxc/network.c:lxc_create_network_priv:3427 - No such device - Failed to create network device
Click to expand...
That's again a completely different error and fails when trying to create the CT's veth network device, more specifically when adding the MAC to the bridges FDB table.
Could it be that you have bridge-disable-mac-learning and or the optional SDN tech-preview active? (Albeit at least the former works fine here too).
Can you post your network config? Are you using openvswitch?
 
Last edited:
t.lamprecht said:
Can you post your network config? Are you using openvswitch?
Click to expand...
Yes I do.

/etc/network/interfaces
Code: 
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0
        ovs_mtu 1500

auto vlanXXX
iface vlanXXX inet static
        address 192.168.XXX.42/24
        gateway 192.168.XXX.1
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        ovs_options tag=XXX

auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports eno1 vlanXXX
        ovs_mtu 1500

network config from LXC 207 (openwrt) - not starting with the updated packages

Code: 
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=66:41:4C:AC:53:22,ip=dhcp,tag=YYY,type=veth
net1: name=eth1,bridge=vmbr0,hwaddr=B6:D3:D3:94:79:E5,ip=dhcp,tag=XXX,type=veth

network config from LXC 206 (debian) - not starting with the updated packages

Code: 
net0: name=eth0,bridge=vmbr0,hwaddr=46:FA:B1:44:34:F1,ip=dhcp,tag=XXX,type=veth

network config from LXC 104 (debian) - starting with the updated packages

Code: 
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=9A:1A:3B:42:2D:8C,ip=dhcp,tag=YYY,type=veth
 
Guess what: Toggling "firewall" in LXC 206 makes the container starting or fail starting.
Cross check: Toggling "firewall" in the newly created container LXC 104 also makes the container starting or fail starting.
But enabling "firewall" for the net1 interface in LXC 207 does not make the container starting.

As far as I can see, with the updated packages all containers with one interface and unchecked "firewall" fail to start.

There is another problem with the container that has two network interfaces.
Attaching a second interface to the LXC 104 container does not cause any problems.
The only differences between LXC 104 and LXC 207 is that LXC 104 is "managed", "nesting" and "unprivileged", LXC 206 is "unmanaged", "not nesting" and "privileged".

Edit:

Just tested: create new container with two network interfaces as "managed", "not nesting" and "privileged" - starts perfectly.

Cross check: create new container with two network interfaces as "unmanaged", "not nesting" and "privileged" - even the creation fails:

Code: 
Formatting '/var/lib/vz/images/106/vm-106-disk-0.raw', fmt=raw size=8589934592 preallocation=off
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 485fdf36-08ee-4fd3-8e31-bc63bc3042c5
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
extracting archive '/var/lib/vz/template/cache/openwrt-snapshot_20220702_amd64.tar.xz'
Total bytes read: 12175360 (12MiB, 26MiB/s)
Detected container architecture: amd64
unknown ID 'openwrt' in /etc/os-release file, trying fallback detection
TASK ERROR: unable to create CT 106 - unable to detect OS distribution
 
Last edited:
  • Like
Reactions: fzoc
ch888 said:
Guess what: Toggling "firewall" in LXC 206 makes the container starting or fail starting.
Click to expand...
Many thanks for this !

I had the same issue with my pihole container not restarting after installing all the PVE updates (including the latests one published during the day). Wife and kids started whinning but fortunately enabling the firewall solves the issue.

I'm in the process of upgrading all my VMs (and I have issues with /sbin/bridge failing when restarting some of them) and containers to latest Ubuntu releases but I guess I'll wait a bit for all this to stabilize/be fixed before continuing...
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back